Skip to content

Commit f9224a3

Browse files
rinatkhazievrinatkhaziev
committed
Pass 2 at GHA workflow
1 parent e93b8b2 commit f9224a3

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

.github/workflows/sea-build-sign.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,14 @@ jobs:
2020
build-sea-native:
2121
name: SEA Native (${{ matrix.target.name }})
2222
runs-on: ${{ matrix.target.runs_on }}
23+
env:
24+
SIGN_ARTIFACTS: ${{ inputs.sign_artifacts }}
25+
MACOS_CERTIFICATE_P12_BASE64: ${{ secrets.MACOS_CERTIFICATE_P12_BASE64 }}
26+
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
27+
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
28+
WINDOWS_CERTIFICATE_PFX_BASE64: ${{ secrets.WINDOWS_CERTIFICATE_PFX_BASE64 }}
29+
WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
30+
WINDOWS_TIMESTAMP_URL: ${{ vars.WINDOWS_TIMESTAMP_URL }}
2331
strategy:
2432
fail-fast: false
2533
matrix:
@@ -77,11 +85,7 @@ jobs:
7785
.\${{ matrix.target.binary_path }} whoami --help
7886
7987
- name: Import macOS signing certificate
80-
if: runner.os == 'macOS' && inputs.sign_artifacts && secrets.MACOS_CERTIFICATE_P12_BASE64 != '' && secrets.MACOS_CERTIFICATE_PASSWORD != '' && secrets.MACOS_SIGNING_IDENTITY != ''
81-
env:
82-
MACOS_CERTIFICATE_P12_BASE64: ${{ secrets.MACOS_CERTIFICATE_P12_BASE64 }}
83-
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
84-
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
88+
if: runner.os == 'macOS' && env.SIGN_ARTIFACTS == 'true' && env.MACOS_CERTIFICATE_P12_BASE64 != '' && env.MACOS_CERTIFICATE_PASSWORD != '' && env.MACOS_SIGNING_IDENTITY != ''
8589
run: |
8690
KEYCHAIN_PATH="$RUNNER_TEMP/build.keychain-db"
8791
CERT_PATH="$RUNNER_TEMP/macos-cert.p12"
@@ -99,12 +103,8 @@ jobs:
99103
codesign --verify --strict --verbose=2 ${{ matrix.target.binary_path }}
100104
101105
- name: Sign Windows executable
102-
if: runner.os == 'Windows' && inputs.sign_artifacts && secrets.WINDOWS_CERTIFICATE_PFX_BASE64 != '' && secrets.WINDOWS_CERTIFICATE_PASSWORD != ''
106+
if: runner.os == 'Windows' && env.SIGN_ARTIFACTS == 'true' && env.WINDOWS_CERTIFICATE_PFX_BASE64 != '' && env.WINDOWS_CERTIFICATE_PASSWORD != ''
103107
shell: pwsh
104-
env:
105-
WINDOWS_CERTIFICATE_PFX_BASE64: ${{ secrets.WINDOWS_CERTIFICATE_PFX_BASE64 }}
106-
WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
107-
WINDOWS_TIMESTAMP_URL: ${{ vars.WINDOWS_TIMESTAMP_URL }}
108108
run: |
109109
$certPath = Join-Path $env:RUNNER_TEMP 'codesign.pfx'
110110
[System.IO.File]::WriteAllBytes($certPath, [System.Convert]::FromBase64String($env:WINDOWS_CERTIFICATE_PFX_BASE64))

0 commit comments

Comments
 (0)